Connect with us

Business

2025 AI Insights: Threat Detection and Response

By Andrew Grealy, Head of Armis Labs, and Michael Freeman, Head of Threat Intelligence

In 2024, advancements in artificial intelligence (AI) have led to increasingly sophisticated threat actor exploits, such as deepfake technology used in misinformation campaigns and AI-driven phishing attacks that mimic legitimate communications. As we approach 2025, significant transformations in the use of AI in threat detection, threat intelligence, and automated response/remediation will reshape the tools, strategies, and collaborative efforts used in combating sophisticated threat actors and their AI-powered attacks.

According to a recent report by Cybersecurity Ventures, there has been a 35% increase in the adoption of advanced threat detection tools among Fortune 500 companies. Also, Gartner predicts that 70% of organisations will have integrated AI-driven threat intelligence systems by 2025, enhancing their ability to identify and mitigate threats before they manifest into major incidents.

Threat detection and response is likely to evolve over the next year, emphasising the necessity of using AI-driven threat intelligence to fight fire with fire. This includes preemptive, early warning strategies, which emphasise proactive measures to identify and neutralise threats before they can inflict damage.

Strategic Incident Prevention and Response Planning with Early Warning

Organisations are increasingly focusing on early warning strategies to detect and prevent threats before they materialise. By leveraging actionable intelligence, they can proactively address common vulnerabilities, reducing the likelihood of attacks at their source. Identifying the root weaknesses behind these vulnerabilities and addressing them comprehensively allows organisations to prevent entire categories of similar attacks. For instance, many organisations employ multi-factor authentication (MFA) to prevent account takeover attacks, exemplifying a “left of boom” approach.

In military terms, “left of boom” refers to actions taken to disrupt adversary plans before an explosive event occurs. In cybersecurity, it signifies a proactive stance to detect and mitigate threats before they penetrate defences. Just as intelligence gathering is essential in military operations to foresee and thwart attacks, cyber threat intelligence plays a similar role in identifying potential weaknesses and threat vectors early on.

More organisations and government agencies will likely conduct internal tabletop exercises for various attack scenarios. These exercises and regularly updated incident response playbooks, will ensure preparedness against current threats. These proactive approaches will help minimise potential damage and speed recovery in the event of an attack.

Rise of Detection-as-Code    

Today’s Security Operations Center (SOC) detections often lack robust validation for accuracy, resulting in limited effectiveness against real threats. This is largely due to the ad-hoc implementation of detection processes, where rules are hastily added to SIEM systems without rigorous testing. However, the widespread adoption of detection-as-code (DaC) is expected to transform SOC capabilities. This methodology will allow SOC teams to program, version control, and deploy detection logic with the precision and efficiency of continuous integration/continuous delivery (CI/CD) pipelines in software development.

DaC will empower SOCs to rapidly respond to evolving threats, enabling automated and continuous updates to detection rules aligned with the latest threat intelligence. Integrating CI/CD principles will allow for continuous testing of detection logic, reducing false positives and enhancing detection accuracy while fostering collaboration between security engineers and developers. Moreover, embedding AI within the detection pipeline will enhance the adaptive capabilities of SOCs, allowing for advanced threat detection and response. Ultimately, DaC will bring agility to SOC operations, enabling organisations to stay ahead of fast-evolving adversaries with real-time, validated detections and highly adaptable detection strategies tailored to emerging attack vectors.

Synthetic Data for AI Training

In 2025, the growing concerns around data privacy and regulatory constraints will drive a significant increase in the use of synthetic data for training AI models in cybersecurity. Synthetic data will enable AI systems to learn patterns, detect threats, and improve defences without accessing sensitive or personally identifiable information (PII). This approach ensures compliance with privacy laws like GDPR while allowing for robust AI-driven security measures to be developed.

Open Source Software Libraries

Open-source software libraries will remain a prime target for threat actors, as they are integral to many commercial and enterprise applications. The inherent transparency of these libraries offers attackers an accessible entry point to exploit vulnerabilities, insert malicious code, or compromise supply chains. As dependency on open-source components grows, securing these libraries becomes paramount. Threat actors persistently scrutinise popular libraries for weaknesses, using them as launchpads for widespread attacks. Consequently, ensuring software supply chain security is becoming an imperative priority for both developers and security professionals. By implementing rigorous assessment and monitoring strategies, organisations can fortify their defences against these pervasive threats.

 

Generative AI in Cybersecurity

Generative AI models are poised to play a critical role in cybersecurity for attackers and defenders. On the defensive front, these models will aid in crafting advanced playbooks, formulating security policies, generating test cases for security solutions, and streamlining processes such as patch management. Conversely, adversaries may harness generative AI to refine social engineering techniques or automate the development of malicious code. Cybercriminals could utilise AI to tailor phishing attacks, weaponise existing vulnerabilities, and create AI-driven malware that adapts dynamically to bypass security measures. Consequently, cybersecurity experts will require robust AI-powered tools to identify and counteract these evolving threats, underscoring the importance of staying ahead in the AI arms race to secure digital environments.

 

SOAR with AI: The Future of Cybersecurity Operations

The promise of SOAR (Security Orchestration, Automation, and Response) has been significant in streamlining cybersecurity operations. However, it has yet to fully deliver on its potential. The integration of AI into SOAR platforms promises to revolutionise this landscape, transforming these systems into the intelligent, responsive tools they were always envisioned to be. By utilising AI for dynamic and adaptive defence strategies, SOAR can enhance its capabilities to automate complex threat detection, analysis, and response processes with unprecedented efficiency and precision. This evolution will realise the true potential of SOAR, establishing it as a critical component in contemporary cybersecurity defence frameworks. With AI-driven reasoning, organisations can achieve faster mean time to detect (MTTD) and mean time to respond (MTTR), streamlining incident response processes and bolstering overall threat management.

In the cybersecurity landscape in 2025, organisations must adopt proactive measures and leverage AI-driven tools to stay ahead of evolving threats. By focusing on understanding and implementing early threat detection, real-time intelligence, and cutting-edge technologies, businesses can fortify their defences and ensure robust protection against cyber adversaries.

 

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Business

Technology’s Role in Transforming Insurance: From AI to Cyber Risk 

Source: Finance Derivative

Authored by Samiul Chowdhury, Principal Actuarial Consultant, RNA Analytics 

The insurance industry is undergoing a significant transformation, driven by rapid advancements in technology. From property and casualty to life insurance, the role of digital solutions has never been more important. Today, it’s almost impossible to imagine a successful, compliant insurance business without technology at its core. 

But how exactly is technology reshaping the insurance landscape? And what does it mean for the future of actuarial work, AI, and cyber risk? Let’s explore. 

The Essential Role of Technology in Modern Insurance 

Technology is the cornerstone of the successful modern insurance business – whether property, casualty or life. It’s no longer optional—it’s essential! Operating a successful and compliant insurance company today without the help of software solutions would be a real challenge. Whether it’s managing customer data, meeting regulatory demands, or assessing risk, technology is at the heart of everything modern insurers do.  

In recent years, regulatory compliance has been a top priority for (re)insurers across the globe, with IFRS 17 probably the number one focus. The new accounting standards are highly complex, and their implementation has forced many insurers to rethink and redesign their entire approach to financial reporting and infrastructure. However, this challenge has also been a catalyst for technological innovation.  

One of the most significant changes brought about by IFRS 17 is the integration of traditionally siloed such as functions such as actuarial, finance and accounting functions. This alignment gives insurers unprecedented insight into opportunities and risks, enabling them to make more informed decisions. Beyond compliance, accuracy and extensive flexibility, this integration offers insurers a chance to enhance accuracy, achieve greater flexibility, and gain a deeper understanding of their financial landscape. 

How AI is Changing the Actuarial World 

Much has been said aboutArtificial Intelligence (AI) and its potential to disrupt industries. In insurance, AI is already proving to be a game-changer, especially in actuarial work. With the right approach, AI holds great promise of making processes smoother and bringing faster, more accurate decision-making into play. 

However, AI is not here to replace actuaries. Instead, it enhances actuaries’ roles by automating their routine tasks such as data pre-processing, model fitting, and report generation. This automation allows actuaries to focus on more strategic tasks, giving them a more central role within the organizations. 

Meanwhile, AI modelling introduces new sources of uncertainty. Actuaries must understand the limitations and assumptions behind the AI models they are using. It’s important to ensure that these are fair, unbiased, and ethical —particularly when it comes to pricing and underwriting. This means actuaries will need to pick up new skills, especially in data science and programming languages like Python and R.  

In other words, AI offers actuaries the chance to work more efficiently and strategically, but only if they are prepared to navigate the complexities it brings. 

The Growing Challenge of Cyber Risk. How Do Insurers Keep Up?  

Cyber risk has emerged as one of the most significant threats insurers face today. Cyber insurance is not the same as it was twenty years ago. The policies were relatively simpler, and insurers didn’t have as much data or experience to rely on. Today, they are more complex, reflecting the increased scale and sophistication of cyber threats. 

As cyberattacks have increased, so has our ability to model and understand them. Insurers have gained more data over time, which has allowed them to get a better grip on the risks involved. However, here is the thing: technology evolves, and so do the threats. Whether it’s a data breach, ransomware attack, or even non-malicious technical failures like the recent CrowdStrike outage, the risks are more systemic and far-reaching than ever.  

Looking ahead, as we enter the Web3 era where information becomes ever more interconnected and managed by semantic metadata, we’ll have a complete set of new vulnerabilities. Business models will shift, and with that, the risks insurers will need to cover. By 2044, cyber insurance policies will probably look quite different from what we see today. 

Conclusion 

The insurance industry is at a turning point, driven by the rapid adoption of technology and the increasing complexity of risks like cyber threats. To stay ahead of the curve, insurers need to embrace AI, data-driven decision-making processes, and advanced risk models. 

Continue Reading

Business

The EPC’s Verification of Payee rulebook: Five things banks need to consider

Source: Finance Derivative

Pratiksha Pathak, Head of Payments Services at RedCompass Labs, shares her insights on the Verification of Payee’s (VoP) impact and what it means for European payment service provers (PSPs).

Fraud is an ever-present threat in the payments landscape, and with the rise of instant payments, the risk has never been greater. While these rapid transactions offer unmatched convenience, they also pave the way for instant fraud, leaving financial institutions with minimal time to intercept suspicious activity.

In October, the European Payments Council (EPC) published the long-awaited Verification of Payee rulebook, which marked a major milestone in the SEPA Instant Payment Regulations (IPR) and a key effort to combat payments fraud.

In 2022 alone, fraudulent credit transfers, direct debits, card payments, cash withdrawals, and e-money transactions across the EEA reached a staggering €4.3 billion, with an additional €2.0 billion lost in just the first half of 2023.

The VoP rulebook aims to standardise how banks confirm payee account details, protecting consumers from fraudulent transactions.  However, while the intentions are solid, the new regulations present several challenges that banks must address swiftly and efficiently.

  • Tight deadlines leave no room for error

The deadlines are tight. Banks must have a VoP solution in place across all payment channels by 5th October 2025, which is just four days before the IPR comes into effect. Unfortunately, it doesn’t matter if a bank uses an existing domestic verification service since the rulebook standardises how account information is verified in payments across Europe.

This means that every bank will need to adapt or overhaul its systems to meet pan-European standards. Given the verification process will apply to both SEPA and SEPA Instant payments across all payment channels, it will be a big lift for banks.

The challenges are compounded by the rollout of the EPC Directory Service (EDS), which is the centralised database that underpins the scheme. The EDS won’t be ready for testing until late June 2025. This leaves only three months for banks to complete end-to-end testing and fully deploy their solutions.

Some aspects of VoP, such as APIs and channel infrastructure, can be built in advance, but banks won’t be able to conduct end-to-end testing until after the EDS is ready. For institutions grappling with legacy systems or more complex architectures, the timeline is daunting and leaves little to no room for error.

  • The 5-second rule is a small change with a big impact

Another key change is the extended verification window. Banks now have five seconds, rather than three, to confirm payee account details across all channels.

Whilst this may seem generous, it is still a tight squeeze given the intricacies involved. This means that both the payment engine and all customer-facing channels—whether online, mobile, phone, or paper-based—must be highly available, fast, and scalable. 

Ensuring a smooth customer experience, especially for non-digital transactions, will test banks’ technological limits. While mobile and online platforms might be better equipped, accommodating phone and bulk transactions introduces layers of complexity.

It may be more time than before, but the five-second verification window leaves little margin for error – never mind the one-second timeframe the EPC would prefer. 

  • Bulk payments are a logistical headache

One of the most complex aspects is VoP’s application to bulk-payment files, such as salary payouts. The rulebook demands that each individual payment in a file undergo verification, potentially creating a logistical nightmare.

Imagine a scenario where thousands of payments trigger a mix of ‘match’, ‘close match’, and ‘no match’ results. As a bank, how do you relay this information to your client within 5 seconds? Do you provide the notifications in a file? Through an app? A checklist? 

Handling a flood of verification requests within seconds requires not only a robust infrastructure but also meticulous planning. Banks must devise sophisticated mechanisms to process and deliver results without disrupting the broader payment workflow to prevent operational chaos.

  • Legacy systems will feel the pain

For many banks, the biggest challenge lies in integrating VoP into long-established SEPA payment systems because it requires modifications to processes that are already running smoothly. 

Banks need to ensure that all their payment channels can incorporate VoP functionality without disrupting the current flow. Banks may need to upgrade or completely rework several parts, making the process complicated and costly.

Verifying payees at the beginning of a transaction requires changes to how these systems interact and handle data. Banks will also need to ensure that existing transactions continue without delays and errors, which will prove to be a big challenge for those with multiple existing payment channels.

  • Navigating routing and verification is complex

The new EPC/European Directory Service (EDS) may bring operational challenges. Whilst the EDS serves as a directory, it doesn’t handle the actual routing or verification of VoP requests and responses. Most banks now need to develop their own routing and verification mechanisms (RVMs).

These RVMs will act as connection points for participants and banks must either integrate directly with the EDS or use an RVM to route VoP requests. However, using an RVM doesn’t absolve the responding PSP of its responsibilities under the scheme’s rules.

Banks face a significant challenge in setting up or partnering with an RVM to manage this new process, but finding an RVM supplier will be a good place to start. 

The bottom line

The EPC’s VoP rulebook is a decisive step forward in improving payment security across Europe, but it also introduces significant challenges for banks. 

As banks start to prepare for this overhaul, balancing compliance with operational efficiency will be key to protecting customers whilst maintaining a seamless payment experience.

European banks have their work cut out for them. The demands of implementing VoP are high, and the timeline is short. But with the right expertise and strategic planning, it can be done.

Continue Reading

Business

How eCash and digital wallets will diversify the payments landscape in 2025

Source: Finance Derivative

Written by Fernando Costa-Cabral, SVP Branded Payments, and Ishan Vaid, VP Core Features, at Paysafe.

Throughout 2025, we’ll see two seemingly opposing payment methods – eCash and digital wallets – further reshaping how consumers manage their money. While cash – and future access to it – is still critically important for consumers, digital payments are undergoing a huge transformation.

eCash will continue to bridge the digital divide by ensuring consumers can use physical currency to buy goods and services online. As a result, businesses will leverage it as a democratizing force to promote financial inclusion and serve diverse consumer segments.

Digital wallets also have a major role to play in the evolving payments landscape, with 32% of consumers reporting to have increased their use of wallets in 2024. A notable development is the rise of brand-owned wallets, as businesses outside the financial services sector seek to establish closed-loop ecosystems to control and enhance the customer experience.
 

With a view to the year ahead, here is how eCash and digital wallets will evolve throughout 2025.

Bridging the digital divide with eCash


Even in today’s digital world, cash plays a vital role in consumer finances. Recent research from Paysafe has revealed that 63% of consumers harbor concerns about losing access to cash, while 44% want the option to buy items online and pay in cash at a brick-and-mortar store.

This preference stems from the unique advantages of cash: it provides tangible financial security, enables precise spending control, and helps users avoid the often-hidden costs commonly associated with credit-based payments. Across geographies, cash remains essential for reducing financial anxiety and ensuring reliable transactions.

Despite its enduring importance, cash has largely remained on the sidelines of the recent payment revolution. Traditional cash-based operations continue to be cumbersome and time-consuming – whether it’s depositing physical money into a bank account, coordinating international cash transfers, or attempting to set up installment payments. Furthermore, the retail sector has generally overlooked cash users when developing modern consumer incentives such as cashback programs, buy-now-pay-later (BNPL) schemes, or subscription-based services, creating a noticeable gap in the market.

That is all now changing. This year, eCash will solidify its position as the right solution to bridge this divide between physical currency and our increasingly digital economy – making cash more relevant and accessible in the modern world. In the year ahead, eCash’s progression will materialize through three main developments: enhanced security measures, value-added features, and a significantly improved user experience. With these improvements, eCash can transform traditional cash into a simple and secure payment method with the same core benefits that make cash valuable to many people.

Digital wallets will diversify the payments landscape


In a similar vein to eCash, digital wallets are diversifying the payments landscape, with non-financial brands increasingly venturing into the territory once dominated by incumbent financial service providers. By acquiring their own digital wallet solutions, these brands are reducing their dependence on external financial institutions and enhancing the payment experience.

The trend toward brand-owned wallets has already gained traction in Asian markets, with e-wallets now being offered by ride-hailing apps and e-commerce platforms – and we anticipate a significant uptake in markets like the UK over the coming year. Specifically, retail chains, gaming platforms, and logistics companies are all exploring how digital wallets can streamline their payment processes, strengthen customer loyalty, and deliver greater control over the user experience.

There’s particularly strong momentum building around white-label wallet solutions, which provide businesses with a sophisticated approach to payment integration. These solutions enable brands to incorporate advanced wallet functionalities directly into their existing platforms while maintaining complete control over their user interface and experience. This development aligns with a broader strategic shift we’ve observed across various sectors – from gaming and retail to mobility services – where brands increasingly want a closed-loop ecosystem that they manage.

In 2025, we can anticipate four key evolutionary trends in the digital wallet space. First, we will see even more seamless integration of wallet functionality into non-financial platforms, allowing users to complete transactions without leaving their preferred brand’s ecosystem. Second, there will be significant advances in real-time currency conversion capabilities and multi-currency wallet features, catering to the growing demands of global commerce and international travel. Third, we can expect enhanced instant settlement capabilities, supported by faster payment rails that align with contemporary consumer expectations for immediate transaction processing and gratification. Finally, there will be an increased emphasis on sustainability, with digital wallets incorporating eco-friendly features such as carbon footprint tracking to meet the growing consumer demand for environmentally responsible financial services.

While these two technologies and their respective journeys aren’t necessarily joined at the hip, as 2025 unfolds both eCash and digital wallets will help to create a more accessible and customer-centric financial system. This evolution isn’t about choosing between cash and digital – it’s about seamlessly bridging both worlds, giving consumers and brands greater control over how they pay and get paid.

Continue Reading

Copyright © 2021 Futures Parity.